Mimikatz Exploit Utility

Category: Adware and PUAs
Protection available since: 16 Apr 2012 14:38:48 (GMT)
Type: Hacking Tool
Last Updated: 03 Apr 2017 20:57:42 (GMT)


Examples of Mimikatz Exploit Utility include:

Example 1

File Information

Size: 341K
SHA-1: 11df28bea28f9a3e4265e2a31d07258e2847b488
MD5: d771592a09a9960f8a8e0ec80a1ea18e
CRC-32: d0c2d7fb
File type: Windows executable
First seen: 2016-06-07

Example 2

File Information

Size: 178K
SHA-1: 443368e000c1e95643135d8d5b16aeeb8e2d5162
MD5: e60c97ddb52070e0702ea5ac5fa986e8
CRC-32: f0e99a88
File type: Windows executable
First seen: 2014-05-08

Runtime Analysis

Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\DiagL2SecCtlGuid
    BitNames
    SECHC_LOG_FLAG_ASSERT SECHC_LOG_FLAG_INIT SECHC_LOG_FLAG_DIAG SECHC_LOG_FLAG_ONEX_DIAG SECHC_LOG_FLAG_REPAIR SECHC_LOG_FLAG_STATE SECHC_LOG_FLAG_EXT SECHC_LOG_FLAG_EVENT_LOG SECHC_LOG_FLAG_FUNCTION SECHC_LOG_FLAG_MEMORY SECHC_LOG_FLAG_LOCKS
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid
    BitNames
    DOT11_ASSOCIATE DOT11_ROAMING DOT11_1X DOT11_PNP DOT11_SCAN DOT11_RECEIVE DOT11_SEND DOT11_IOCTL DOT11_OID DOT11_MISC DOT11_UPCALL DOT11_KEYMGR DOT11_PEER DOT11_SOFTAP DOT11_PAM DOT11_REPEATER DOT11_APROUTER DOT11_WME DOT11_CONFIG DOT11_MSM DOT11_MSM_ADAPT DOT11_MSM_SCAN DOT11_MSM_CONNECT DOT11_MSM_SECURITY_PKT DOT11_NOTIFY_OBJECT
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid
    BitNames
    DOT11_AUTOCONF DOT11_AUTOCONF_CLIENT DOT11_AUTOCONF_UI DOT11_FATMSM DOT11_COMMON DOT11_WLANGPA DOT11_CLASS_COINSTALLER
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDiagCoreCtlGuid
    BitNames
    WD_LOG_FLAG_INIT WD_LOG_FLAG_RPC WD_LOG_FLAG_EVENT WD_LOG_FLAG_INTERFACE WD_LOG_FLAG_CONNECTION WD_LOG_FLAG_CONTROL WD_LOG_FLAG_LOCKS WD_LOG_FLAG_MEMORY WD_LOG_FLAG_REFERENCES WD_LOG_FLAG_FUNCTION_TRACE WD_LOG_FLAG_ASSERT
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing
    ControlFlags
    0x00000001
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid
    BitNames
    WLANHC_AUTOCONFIG WLANHC_RNWFMSM WLANHC_FATMSM WLANHC_DLLMAIN WLANHC_TEST

Example 3

File Information

Size: 33K
SHA-1: 005754dab657ddc6dae28eee313ca2cc6a0c375c
MD5: a37ed7663073319d02f2513575a22995
CRC-32: a1f90612
File type: Windows executable
First seen: 2017-06-19
